Shmoocon 2012 – tombom.co.uk
In the absence of an “official” download link for these so far (although I’m sure they’ll be up on the Shmoocon page soon enough), my slides from Shmoocon this year. Seems it got a little press coverage and a whole bunch of attention on Twitter, so I figured I should get these out ASAP.

RFCAT released! – atlas.r4780y.com
I should probably post *new* slides here within a week. Subscribe to the rss feed to be notified when I post them. I’m going to see if I can’t nail down a few more details that were bugging me on the demo’s, and actually talk to the insulin pump.

Changes to Apple MDM for iOS 5.x – intrepidusgroup.com
I presented an updated talk on Apple’s iOS MDM system at ShmooCon 8. I had a great time, and really enjoyed all the questions and nice comments I received afterwards. I thought I’d mention a couple of the changes that iOS 5 provide.

Education and Information Sharing Top Priority at 2012 DoD Cyber Crime Conference – blog.mandiant.com
This was my first time heading to the DoD Cyber Crime Conference in Atlanta. The DoD Cyber Crime Center (DC3) hosts the conference every year. DC3first started as a resource for DoD and Law Enforcement and has grown over the years to include many different organizations that work together to combat Cyber Crime.

{book review} The Tangled Web – blog.c22.cc
The Tangled Web is split into 3 parts, starting off with a concise walk-through of the underlying technologies of the web. Unlike so many other books that take for granted that the reader is already up to par on the backstory, Zalewski takes the time to really dig deep into the tools, protocols and RFCs that run the modern web.

Keychain Dumper Updated for iOS 5 – labs.neohapsis.com
I’ve received a few issue submissions on github regarding various issues people have had getting Keychain Dumper to work on iOS 5. I meant to look into it earlier, but I was not able to dedicate any time until this week. Besides a small update to the Makefile to make it compatible with the latest SDK, the core issue seemed to have something to do with code signing.

An Update on Android.Counterclank – symantec.com
Last week, we posted a blog informing Android users of the discovery of new versions of Android.Tonclank, which we have named Android.Counterclank. The blog generated a bit of discussion over whether these new versions should be a concern to Android users.

UPDATE: inSSIDer v2.1.0.1379! – metageek.net
inSSIDer is an award-winning free, open-source Wi-Fi network scanner for Windows Vista andWindows XP. Because NetStumbler doesn’t work well with Vista and 64-bit XP, the authors built an open-source Wi-Fi network scanner designed for the current generation of Windows operating systems.

Passware claims FileVault 2 can be cracked in under an hour, sells you the software to prove it – engadget.com
Lunch hours may never feel safe again. That is, if you have a Mac running Lion / FileVault 2, like leaving your computer around, or have unscrupulous colleagues. Data recovery firm Passware claims its “Forensic” edition software can decrypt files protected by FileVault 2 in just 40 minutes — whether it’s “letmein” or “H4x0rl8t0rK1tt3h” you chose to stand in its way.

Techniques

Windows Loader and ASLR on Binaries – marcoramilli.blogspot.com
Summing up for newer readers, Windows Loader looks for a specific FLAG into the PE Header. In the PE Header, specifically in the IMAGE_OPTIONAL_HEADER section there is a flag called DLL Characteristics that defines many features for the executable during its loading time, 1 of them being ASLR.

x64 Windows Shellcode – blog.didierstevens.com
Last year I found great x64 shellcode for Windows on McDermott’s site. Not only is it dynamic (lookup API addresses), but it even handles forwarded functions.

Ubertooth: Bluetooth Address Breakdown – intrepidusgroup.com
The IG crew is just heading back from ShmooCon, which reminds me of last year’s awesome talk on the Ubertooth One. Intrepidus backed the kickstarter project and, as promised, got 2 Ubertooths. We recently started playing with it, and have a couple of tips and a supplementary script.

Vendor/Software Patches

Android and Security – googlemobile.blogspot.com
The last year has been a phenomenal one for the Android ecosystem. Device activations grew 250% year-on-year, and the total number of app downloads from Android Market topped 11 billion. As the platform continues to grow, we’re focused on bringing you the best new features and innovations – including in security.

Vulnerabilities

TDL4- Purple Haze

TDL4 – Purple Haze (Pihar) Variant – sample and analysis – contagiodump.blogspot.com
I recently ran into an interesting piece of malware that was downloaded on a victim’s computer. I thought it was TDL/TDSS or maybe a new version of it as it had same components as TDL4 bootkit with a functionality of a mass scale PPC (pay-per-click) fraud. TDL had this functionality too and it is most likely spread by the same Russian-speaking gangs using the Blackhole exploit kit.

TDL4 reloaded: Purple Haze all in my brain – blog.eset.com
This week we received an untypical sample of Win32/Olmarik.AYD (TDL4) from Mila (of the contagiodump blog). We have already spent a long time tracking TDL4 bootkit family (The Evolution of TDL: Conquering x64) and this time we are seeing key modifications to the dropper and hidden file system.

Android.Counterclank Found in Official Android Market – symantec.com
Symantec has identified multiple publisher IDs on the Android Market that are being used to push outAndroid.Counterclank. This is a minor modification of Android.Tonclank, a bot-like threat that can receive commands to carry out certain actions, as well as steal information from the device.

Build Up Your Phone’s Defenses Against Hackers – nytimes.com
Technology experts expect breached, infiltrated or otherwise compromised cellphones to be the scourge of 2012. The smartphone security company Lookout Inc.estimates that more than a million phones worldwide have already been affected.

Exploiting CVE-2011-2140 another flash player vulnerability – abysssec.com
Before going future we are sorry to not update blog regularly, but it’s due to we are busy with stack of projects and also working on our expert training courses.
So as we didn’t post any blog post here we go with another flash player exploit we wrote long time ago.

US officials say cyber crimes will overtake terrorism as top threat – slashgear.com
Just as authentication service VeriSign admitted it has been hit by very strong hacking attacks a couple years ago, US officials have revealed that computer crimes will be more of a threat to the country than terrorism. VeriSign is an example of how cyber attacks can affect tens of millions of civilians, but government offices are also the target of malicious hackers.

Verisign hacked, data stolen – scmagazine.com.au
Verisign has admitted it was hacked repeatedly in 2010 and could not pin down what data was stolen.

Half of Fortune 500 firms infected with DNS Changer – computerworld.com
Half of all Fortune 500 companies and major U.S. government agencies own computers infected with the “DNS Changer” malware that redirects users to fake websites and puts organizations at risk of information theft, a security company said today.

Leave A Comment

About Us

Infosec Events is dedicated to the growing information security industry. We strive to provide useful information and resources to those in the industry. Don't hesitate to contact us should you need anything.